CVE-2023-46837

2024-01-0517:15:11

Google

osv.dev

arm

cache helpers

arithmetics overflow

memory

xsa-437

undefined behavior

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Arm provides multiple helpers to clean & invalidate the cache
for a given region. This is, for instance, used when allocating
guest memory to ensure any writes (such as the ones during scrubbing)
have reached memory before handing over the page to a guest.

Unfortunately, the arithmetics in the helpers can overflow and would
then result to skip the cache cleaning/invalidation. Therefore there
is no guarantee when all the writes will reach the memory.

This undefined behavior was meant to be addressed by XSA-437, but the
approach was not sufficient.

CPENameOperatorVersion
xeneq4.15.1-r0
xeneq4.11.0-r0
xeneq4.14.5+24-g87d90d511c-1
xeneq4.3.0-r8
xeneq4.17.0+46-gaaf74a532c-1
xeneq4.0.1-r3
xeneq4.16.4-r1
xeneq4.2.1-r1
xeneq4.14.3+32-g9de3671772-1~deb11u1
xeneq4.14.4+74-gd7b22226b5-1

Name	Operator	Version
xen	eq	4.15.1-r0
xen	eq	4.11.0-r0
xen	eq	4.14.5+24-g87d90d511c-1
xen	eq	4.3.0-r8
xen	eq	4.17.0+46-gaaf74a532c-1
xen	eq	4.0.1-r3
xen	eq	4.16.4-r1
xen	eq	4.2.1-r1
xen	eq	4.14.3+32-g9de3671772-1~deb11u1
xen	eq	4.14.4+74-gd7b22226b5-1